mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity
31,010 Commits 657 Branches 820 Tags
Commit Graph

1057 Commits

Author SHA1 Message Date
Francis Dupont
19a62c240d RFC 5011 client can crash. [RT #20903] 2010-01-26 23:33:10 +00:00
Evan Hunt
c46b6864af fix typo 2010-01-22 01:46:20 +00:00
Evan Hunt
da4a8c89a8 remove reference to isc_time member "seconds", which doesn't exist in win32 2010-01-22 01:34:47 +00:00
Evan Hunt
b47d410f84 2840. [bug] Change 2836 was not complete. [RT #20883] 2010-01-14 23:27:38 +00:00
Francis Dupont
51512910da comment trivial update 2010-01-12 23:56:12 +00:00
Francis Dupont
125da90ced trivial spelling error in comment 2010-01-11 01:14:08 +00:00
Automatic Updater
b871a3e0cd update copyright notice 2010-01-09 23:48:45 +00:00
Evan Hunt
05b1ab91a6 2836. [bug] Keys that were scheduled to become active could 
be delayed. [RT #20874]
 2010-01-09 17:09:00 +00:00
Automatic Updater
400615c294 update copyright notice 2009-12-30 23:49:14 +00:00
Evan Hunt
687b6322fb 2826. [bug] NSEC3->NSEC transitions could fail due to a lock not 
being released.  [RT #20740]
 2009-12-30 03:38:57 +00:00
Mark Andrews
7ddd859470 more for: 
2824.   [bug]           "rndc sign" was not being run by the correct task.
                        [RT #20759]
 2009-12-30 02:32:13 +00:00
Mark Andrews
502dc92f58 more for: 
2824.   [bug]           "rndc sign" was not being run by the correct task.
                        [RT #20759]
 2009-12-30 02:26:30 +00:00
Mark Andrews
5b77627c09 2824. [bug] "rndc sign" was not being run by the correct task. 
[RT #20759]
 2009-12-29 22:20:33 +00:00
Mark Andrews
c9630524c7 2814. [func] Provide a definitive error message when a master 
zone is not loaded. [RT #20757]
 2009-12-21 04:29:10 +00:00
Automatic Updater
928e12ccdc update copyright notice 2009-12-18 23:49:03 +00:00
Evan Hunt
4e55893d30 2813. [bug] Better handling of unreadable DNSSEC key files. 
[RT #20710]

2812.	[bug]		Make sure updates can't result in a zone with
			NSEC-only keys and NSEC3 records. [RT 20748]
 2009-12-18 22:16:49 +00:00
Evan Hunt
bc04d6ec15 2807. [bug] Fixed a possible ASSERT when reconfiguring zone 
keys. [RT #20720]
 2009-12-11 01:06:03 +00:00
Evan Hunt
b8b602f89b 2806. [bug] "rdnc sign" could delay re-signing the DNSKEY 
when it had changed. [RT #20703]
 2009-12-07 20:51:12 +00:00
Evan Hunt
c2f095969c oops: missed a declaration, and forgot to lock the zone before clearing 
the flag.  (and accidentally ran make tests in the wrong tree, misleading
myself into thinking it was fine.)
 2009-12-05 01:25:43 +00:00
Evan Hunt
d601ef9e89 2804. [bug] Send notifies when a zone is signed with "rndc sign" 
or as a result of a scheduled key change. [RT #20700]
 2009-12-04 22:45:11 +00:00
Automatic Updater
4b6dc226f7 update copyright notice 2009-12-04 22:06:37 +00:00
Mark Andrews
3d17a3ba61 2801. [func] Detect and report records that are different according 
to DNSSEC but are sematically equal according to plain
                        DNS.  Apply plain DNS comparisons rather than DNSSEC
                        comparisons when processing UPDATE requests.
                        dnssec-signzone now removes such semantically duplicate
                        records prior to signing the RRset.

                        named-checkzone -r {ignore|warn|fail} (default warn)
                        named-compilezone -r {ignore|warn|fail} (default warn)

                        named.conf: check-dup-records {ignore|warn|fail};
 2009-12-04 21:09:34 +00:00
Mark Andrews
5d850024cb 2800. [func] Reject zones which have NS records which refer to 
CNAMEs, DNAMEs or don't have address record (class IN
                        only).  Reject UPDATEs which would cause the zone
                        to fail the above checks if committed. [RT #20678]
 2009-12-04 03:33:15 +00:00
Evan Hunt
e6dda86e8b 2798. [bug] Addressed bugs in managed-keys initialization 
and rollover. [RT #20683]
 2009-12-03 15:40:03 +00:00
Evan Hunt
fc1fb1a469 2786. [bug] Spurious log message when zone keys were 
dynamically reconfigured. [RT #20659]
 2009-11-25 02:30:54 +00:00
Evan Hunt
d312bc5d81 2785. [bug] Revoked keys could fail to self-sign [RT #20652] 2009-11-24 03:42:32 +00:00
Evan Hunt
cef109efa7 2780. [bug] dnssec-keygen -A none didn't properly unset the 
activation date in all cases. [RT #20648]

2779.	[bug]		Dynamic key revokation could fail. [RT #20644]

2778.	[bug]		dnssec-signzone could fail when a key was revoked
			without deleting the unrevoked version. [RT #20638]
 2009-11-23 02:55:41 +00:00
Evan Hunt
b08325a7f3 2773. [bug] In autosigned zones, the SOA could be signed 
with the KSK. [RT #20628]
 2009-11-18 21:22:31 +00:00
Automatic Updater
53d502202a update copyright notice 2009-11-12 23:47:59 +00:00
Mark Andrews
1d0ebb4cf2 2765. [bug] Skip masters for which the TSIG key cannot be found. 
[RT #20595]
 2009-11-12 23:30:36 +00:00
Evan Hunt
e9dff04d3b 2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591] 2009-11-12 03:03:36 +00:00
Mark Andrews
302ed789bd 2752. [bug] Locking violation. [RT #20587] 2009-11-06 01:30:06 +00:00
Evan Hunt
ca97301c37 remove extra \n from a log message 2009-11-05 21:45:05 +00:00
Mark Andrews
0181a0a92f 2747. [bug] Journal roll forwards failed to set the re-signing 
time of RRSIGs correctly. [RT #20541]
 2009-11-04 01:25:55 +00:00
Automatic Updater
990dca4605 update copyright notice 2009-10-27 23:47:45 +00:00
Evan Hunt
95f2377b4f 2739. [cleanup] Clean up API for initializing and clearing trust 
anchors for a view. [RT #20211]
 2009-10-27 22:46:13 +00:00
Evan Hunt
e8831e51c1 2735. [bug] dnssec-signzone could fail to read keys 
that were specified on the command line with
			full paths, but weren't in the current
			directory. [RT #20421]
 2009-10-27 03:59:45 +00:00
Automatic Updater
b15df8f9bc update copyright notice 2009-10-20 23:47:32 +00:00
Evan Hunt
bfbd69c43f 2720. [bug] RFC 5011 trust anchor updates could trigger an 
assert if the DNSKEY record was unsigned. [RT #20406]
 2009-10-20 04:13:38 +00:00
Mark Andrews
29dd4bdd14 2717. [bug] named failed to update the NSEC/NSEC3 record when 
the last private type record was removed as a result
                        of completing the signing the zone with a key.
                        [RT #20399]
 2009-10-20 02:45:06 +00:00
Automatic Updater
97639003b0 update copyright notice 2009-10-12 23:48:02 +00:00
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing 
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
 2009-10-12 20:48:12 +00:00
Automatic Updater
8667770ad2 update copyright notice 2009-10-10 23:47:58 +00:00
Evan Hunt
3727725bb7 2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only' 
zone option cause a zone to be signed with only KSKs
			signing the DNSKEY RRset, not ZSKs.  This reduces
			the size of a DNSKEY answer.  [RT #20340]
 2009-10-10 01:48:00 +00:00
Mark Andrews
bb4e0bd8e8 silence ininitialised 2009-10-08 23:58:14 +00:00
Mark Andrews
0838b3c02f Recompute check_ksk as it may have changed 2009-10-08 23:55:57 +00:00
Automatic Updater
15bbb8a129 update copyright notice 2009-10-08 23:48:10 +00:00
Mark Andrews
2847930722 2708. [func] Insecure to secure and NSEC3 parameter changes via 
update are now fully supported and no longer require
                        defines to enable.  We now no longer overload the
                        NSEC3PARAM flag field, nor the NSEC OPT bit at the
                        apex.  Secure to insecure changes are controlled by
                        by the named.conf option 'secure-to-insecure'.

                        Warning: If you had previously enabled support by
                        adding defines at compile time to BIND 9.6 you should
                        ensure that all changes that are in progress have
                        completed prior to upgrading to BIND 9.7.  BIND 9.7
                        is not backwards compatible.
 2009-10-08 23:13:07 +00:00
Automatic Updater
464f9144fe update copyright notice 2009-10-05 23:48:27 +00:00
Evan Hunt
3ff75c89eb 2704. [bug] Serial of dynamic and stub zones could be inconsistent 
with their SOA serial.  [RT #19387]
 2009-10-05 19:39:20 +00:00